Oracle Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Servers - Database Servers
Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, remote code execution, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.
[Updated 30-Oct-2020] Note: One of the vulnerabilities (CVE-2020-14882) is currently being exploited in the wild.
Impact
- Cross-Site Scripting
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Data Manipulation
System / Technologies affected
- MySQL
- Java SE
- Oracle Database Server
- WebLogic Server
For other Oracle products, please refer to the link below:
https://www.oracle.com/security-alerts/cpuoct2020.html
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
Oracle Critical Patch Update Advisory
Vulnerability Identifier
Source
Related Link
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://us-cert.cisa.gov/ncas/current-activity/2020/10/20/oracle-releases-october-2020-security-bulletin-0
- https://isc.sans.edu/diary/26734
- https://securityaffairs.co/wordpress/110137/hacking/weblogic-flaw-cve-2020-14882-attacks.html
- https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf